Lucene search

PatchstackCVE-2023-40209

HistoryJun 12, 2024 - 10:15 a.m.

CVE-2023-40209

2024-06-1210:15:25

CWE-862

Patchstack

web.nvd.nist.gov

missing authorization

himalaya saxena

highcompress image compressor

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

14.5%

JSON

Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

himalayasaxenahighcompress_image_compressorRange≤6.0.0wordpress

VendorProductVersionCPE
himalayasaxenahighcompress_image_compressor*cpe:2.3:a:himalayasaxena:highcompress_image_compressor:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
himalayasaxena	highcompress_image_compressor	*	cpe:2.3:a:himalayasaxena:highcompress_image_compressor::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "high-compress",
    "product": "Highcompress Image Compressor",
    "vendor": "Himalaya Saxena",
    "versions": [
      {
        "lessThanOrEqual": "6.0.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/high-compress/wordpress-highcompress-image-compressor-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

14.5%

JSON

Related for CVE-2023-40209